CVE-2023-28109

Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because CORS configuration was not correct, an attacker could use play-with-docker.com as an example and set the origin header in an http request as evil-play-with-docker.com. The...

CVE-2023-34844

Play With Docker 0.0.2 has an insecure CAPSYSADMIN privileged mode causing the docker container to escape...

The vulnerability of the CAP_SYS_ADMIN mode of the interactive platform for studying containerization in Play With Docker (PWD) allows a hacker to elevate their privileges and escape from an isolated environment.

The vulnerability of the CAPSYSADMIN mode of the interactive platform for the Play With Docker PWD study involves deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to enhance their privileges and escape from an isolated environment...

CVE-2023-34844

Play With Docker 0.0.2 has an insecure CAPSYSADMIN privileged mode causing the docker container to escape...

CVE-2023-34844

Play With Docker 0.0.2 has an insecure CAPSYSADMIN privileged mode causing the docker container to escape...

CVE-2023-34844

Play With Docker 0.0.2 has an insecure CAPSYSADMIN privileged mode causing the docker container to escape...

Code injection

Play With Docker 0.0.2 has an insecure CAPSYSADMIN privileged mode causing the docker container to escape...

CVE-2023-34844

Play With Docker 0.0.2 has an insecure CAPSYSADMIN privileged mode causing the docker container to escape...

Play With Docker 安全漏洞

Play With Docker is an easy, interactive and fun training ground for learning Docker. A security vulnerability exists in Play With Docker versions prior to 0.0.2 that stems from having an insecure CAPSYSADMIN privilege pattern that causes Docker containers to escape...

PT-2023-7362 · Docker · Play With Docker

Name of the Vulnerable Software and Affected Versions: Play With Docker versions prior to 0.0.2 Description: The issue is related to an insecure CAP SYS ADMIN privileged mode in Play With Docker, which is associated with inadequate access control. This can be exploited by a remote attacker to...

Authorization Bypass Through User-Controlled Key play-with-docker

Impact Give that CORS configuration was not correct, an attacker could use play-with-docker.com as an example, set origin header in http request as evil-play-with-docker.com, it will be echo in response header, which successfully bypass the CORS policy and retrieves basic user information. Patche...

CVE-2023-28109

Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because CORS configuration was not correct, an attacker could use play-with-docker.com as an example and set the origin header in an http request as evil-play-with-docker.com. The...

Design/Logic Flaw

Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because CORS configuration was not correct, an attacker could use play-with-docker.com as an example and set the origin header in an http request as evil-play-with-docker.com. The...

CVE-2023-28109 Play With Docker vulnerable to Authorization Bypass Through User-Controlled Key

Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because CORS configuration was not correct, an attacker could use play-with-docker.com as an example and set the origin header in an http request as evil-play-with-docker.com. The...

CVE-2023-28109 Play With Docker vulnerable to Authorization Bypass Through User-Controlled Key

Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because CORS configuration was not correct, an attacker could use play-with-docker.com as an example and set the origin header in an http request as evil-play-with-docker.com. The...

CVE-2023-28109 Play With Docker vulnerable to Authorization Bypass Through User-Controlled Key

Play With Docker is a browser-based Docker playground. Versions 0.0.2 and prior are vulnerable to domain hijacking. Because CORS configuration was not correct, an attacker could use play-with-docker.com as an example and set the origin header in an http request as evil-play-with-docker.com. The...

CVE-2023-28109

Play With Docker (browser-based Docker playground) is affected by a CORS configuration vulnerability. Versions 0.0.2 and earlier allow domain hijacking: an attacker can craft requests with Origin header set to evil-play-with-docker.com, causing the server to echo header values in responses and by...

Play With Docker 安全漏洞

Play With Docker is an easy, interactive and fun training ground for learning Docker. A security vulnerability exists in Play With Docker version 0.0.2 and prior versions that stems from incorrect CORS configuration...

PT-2023-21567 · Docker · Play With Docker

Name of the Vulnerable Software and Affected Versions: Play With Docker versions 0.0.2 and prior Description: Play With Docker is a browser-based Docker playground. The issue arises from incorrect CORS configuration, allowing an attacker to bypass the CORS policy by setting the origin header in a...

Hack Allows Escape of Play-with-Docker Containers

Researchers hacked the Docker test platform called Play-with-Docker, allowing them to access data and manipulate any test Docker containers running on the host system. The proof-of-concept hack does not impact production Docker instances, according to CyberArk researchers that developed the...